The sandboxed environment. It works like the regular environment but
tells the compiler to generate sandboxed code. Additionally subclasses of
this environment may override the methods that tell the runtime what
attributes or functions are safe to access.

If the template tries to access insecure code a SecurityError is
raised. However also other exceptions may occur during the rendering so
the caller has to ensure that all exceptions are caught.

a set of binary operators that should be intercepted. Each operator
that is added to this set (empty by default) is delegated to the
call_binop() method that will perform the operator. The default
operator callback is specified by binop_table.

The default operation form the operator table corresponds to the
builtin function. Intercepted calls are always slower than the native
operator call, so make sure only to intercept the ones you are
interested in.

a set of unary operators that should be intercepted. Each operator
that is added to this set (empty by default) is delegated to the
call_unop() method that will perform the operator. The default
operator callback is specified by unop_table.

The following unary operators are interceptable: +, -

The default operation form the operator table corresponds to the
builtin function. Intercepted calls are always slower than the native
operator call, so make sure only to intercept the ones you are
interested in.

The sandboxed environment will call this method to check if the
attribute of an object is safe to access. Per default all attributes
starting with an underscore are considered private as well as the
special attributes of internal python objects as returned by the
is_internal_attribute() function.

Check if an object is safely callable. Per default a function is
considered safe unless the unsafe_callable attribute exists and is
True. Override this method to alter the behavior, but this won’t
affect the unsafe decorator from this module.

Test if the attribute given is an internal python attribute. For
example this function returns True for the func_code attribute of
python objects. This is useful if the environment method
is_safe_attribute() is overridden.

This function checks if an attribute on a builtin mutable object
(list, dict, set or deque) would modify it if called. It also supports
the “user”-versions of the objects (sets.Set, UserDict.* etc.) and
with Python 2.6 onwards the abstract base classes MutableSet,
MutableMapping, and MutableSequence.

If called with an unsupported object (such as unicode) False is
returned.

>>> modifies_known_mutable("foo","upper")False

Note

The Jinja2 sandbox alone is no solution for perfect security. Especially
for web applications you have to keep in mind that users may create
templates with arbitrary HTML in so it’s crucial to ensure that (if you
are running multiple users on the same server) they can’t harm each other
via JavaScript insertions and much more.

Also the sandbox is only as good as the configuration. We strongly
recommend only passing non-shared resources to the template and use
some sort of whitelisting for attributes.

Also keep in mind that templates may raise runtime or compile time errors,
so make sure to catch them.

For maximum performance Jinja2 will let operators call directly the type
specific callback methods. This means that it’s not possible to have this
intercepted by overriding Environment.call(). Furthermore a
conversion from operator to special method is not always directly possible
due to how operators work. For instance for divisions more than one
special method exist.

With Jinja 2.6 there is now support for explicit operator intercepting.
This can be used to customize specific operators as necessary. In order
to intercept an operator one has to override the
SandboxedEnvironment.intercepted_binops attribute. Once the
operator that needs to be intercepted is added to that set Jinja2 will
generate bytecode that calls the SandboxedEnvironment.call_binop()
function. For unary operators the unary attributes and methods have to
be used instead.

The default implementation of SandboxedEnvironment.call_binop
will use the SandboxedEnvironment.binop_table to translate
operator symbols into callbacks performing the default operator behavior.

This example shows how the power (**) operator can be disabled in
Jinja2:

fromjinja2.sandboximportSandboxedEnvironmentclassMyEnvironment(SandboxedEnvironment):intercepted_binops=frozenset(['**'])defcall_binop(self,context,operator,left,right):ifoperator=='**':returnself.undefined('the power operator is unavailable')returnSandboxedEnvironment.call_binop(self,context,operator,left,right)

Make sure to always call into the super method, even if you are not
intercepting the call. Jinja2 might internally call the method to
evaluate expressions.